Do I need a safety instrumented system?


01/01/2000


The number one goal of any safety system or device is to protect people and do it while remaining unnoticed. Sensors and activation mechanisms for automobile airbags are safety systems. On commercial airplanes, flight attendants explain that a sudden cabin depressurization will automatically cause oxygen masks to drop from the overhead compartments. In our homes, smoke and carbon monoxide detectors, ground fault protectors, and automatic garage-door reversal mechanisms are each a form of a safety system.

At work, light curtains protect us from crushing our arms and hands in presses, dikes provide liquid containment if a vessel ruptures, relief valves and rupture disks protect against overpressuring vessels, and flammable gas and low oxygen detectors alert us to unsafe conditions.

Deciding if safety instrumented systems are necessary may be as simple as determining if the process is covered by U.S. Occupational Safety and Health Administration (OSHA, Washington, D.C.) regulations such as 29 CFR 1910.119 "Process Safety Management of Highly Hazardous Chemicals (PSM)." But responsible companies don't require regulations to do the right thing. Responsible companies already know it's better for business tangibles and intangibles to avoid accidents. Companies manage risk and safety by assessing the process, identifying and quantifying risk, and defining the independent safety layers that may exist or could be used.

What's this all mean?

It begins when a company defines their tolerable level of risk. Tolerable risk (death) is a taboo subject, especially in the U.S., but juries place dollar amounts on life every day using a subjective rationalization that transcends engineering or science.

A simple definition of risk is "potential for injury and/or death" but that definition requires more detail. What is a tolerable level of risk? What is a tolerable injury or death rate? How many people can a company tolerate killing? (The answer is not "zero." No company is willing to permanently close their doors if there is a single accidental death.)

The English promote a concept called ALARP (As Low As Reasonably Practicable). If the risk is above a certain threshold, it must be reduced. If the risk is below a different threshold, it is low enough to be considered acceptable. When the risk is somewhere in between, further considerations to lower the risk are required.

Managing risk and safety

Common sense tells us which industries have high risk. We all know of major nuclear accidents in the U.S., Soviet Union, and now Japan. Many of us live near refineries that have gone "boom." There have been major chemical plant accidents in Flixborough, England; Seveso, Italy; Bhopal, India; and Pasadena and Channelview, Texas.

When OSHA 29 CFR 1910.119 PSM was enacted in 1992, OSHA estimated 25,000 U.S. facilities would be affected and 264 deaths and 1,534 injuries/illnesses would be avoided annually.

To avoid confusion about which facilities were covered by the regulations, OSHA provided high-risk industries a simple definition: any U.S. facility site with over 10,000 pounds of flammable material, toxic materials exceeding defined thresholds, or any explosive materials is covered by the OSHA PSM regulation.

So how do you lower the risk of a facility to a tolerable level?

The chemical industry has promoted the concept of "inherently safe" designs for over a decade. Designing inherently safe processes requires balancing the risk to workers and surrounding community with economics. For example, the early manufacture of nitroglycerin was a batch process. Operators watched a single gauge to ensure the process remained in the safe operating range. Occasionally operators fell asleep, resulting in a search for a replacement operator. Accident investigation identified the operator going to sleep as the root cause. The solution was to provide the operator a one-legged stool. Real nitroglycerin manufacturing safety was achieved through a process redesign. Changing from batch to a small volume, continuous reaction process reduced the amount of material and resulted in an inherently safe design.

Part of designing inherently safe processes requires identifying hazards and operating problems and assigning quantified levels of risk to each identified hazard well before the process design is complete.


Before adding complex safety instrumented systems, consider simple, noninstrumented safety protection layers. For example, an overflow vessel, dike, or containment wall could prevent a spill. Extra heavy vessel walls or pressure relief valves could prevent a pressurized vessel from bursting. These simple devices may reduce the risk to a tolerable level.

Now you're prepared to answer the question, "Do I need a safety instrumented system?" If the risks of your process can be controlled to a tolerable level without a safety instrumented system—no. If the risks cannot be controlled to an acceptable level by the application of noninstrumented layers, then—yes.

Do you have a safety instrumented system question? E-mail dharrold@cahners.com


Author Information

Paul Gruhn is a safety-systems specialist at Moore Process Automation Solutions


What belongs in risk ranking models?

Managing risk requires identifying and quantifying risk uniformly throughout the enterprise. It's permissible to use different ranking models, but the criteria need to remain consistent. For example, the severity of worker injuries resulting in lost workdays should be the same in every plant in every country.

Risk ranking models generally examine an event's frequency (likelihood) and the severity (impact) of the event on different domains.

Frequency is most commonly defined in occurrences per year. For example, a company might define a low frequency event as one expected to occur once in 50 years and a high frequency as an event that occurs once per year.

Severity rankings examine the following domains:

Public safety and health;

Site safety and health;

Environmental impact;

Liability costs;

Business interruptions and quality issues; and

Equipment damage and repair costs.

Events that expose the public to the potential of injury, illness, or death should always receive high severity rankings.

Some will argue site workers and the public should be treated equally, but the reason for separating the two domains is that the public is less prepared than site workers and thus requires additional consideration.

Environmental impact is defined as minor or localized; significant, including regulatory violations; and major, causing long-term damage.

Some risk ranking models combine domains. Legal experts advise not to combine domains that result in mixing dollar amounts with injury, death, and environmental issues. When injury, death, environment, and dollar information are combined and presented to a jury, it appears the "evil" company has established dollar values on human life and/or the environment.

Liability cost is frequently lumped with production or equipment costs, but lumping cost together leads to underestimated total costs.

Liability, business interruptions, and equipment damage are defined in dollars. For example, major might be defined as >$10,000,000 for liability, >$200,000 for production interruptions, and >$100,000 for equipment damage.

Regardless of the risk-ranking model used, the model needs to be reviewed at least annually and updated to reflect current corporate risk assessment philosophies.

Similarly, how personnel use the model requires monitoring for consistency, especially as part of an event (incident or accident) investigation. For example, if the same or similar event occurs twice in five years and the event was ranked as likely to occur once in 50 years, those persons assigning the ranking may require additional training, and the event certainly needs to be reassessed.

When events are regularly "under ranked," companies open themselves up to media criticism, increased scrutiny from regulatory agencies, and possible liability. Establishment, consistent usage, and maintenance of a risk assessment model bring users one step closer to understanding how to manage risk and remain in business.
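
The consistency check described above (an event ranked once in 50 years that occurs twice in five years), as an added example that is not part of the original article: it compares each event's assigned frequency with an incident log and flags rankings the log makes implausible. The Poisson model, the 5% cutoff, the event names and the log entries are all illustrative assumptions.

```python
import math
from collections import Counter

# Constructed sample ranking: event -> assigned interval (years per occurrence).
ASSIGNED_INTERVAL_YEARS = {"tank-overfill": 50, "seal-leak": 1, "relief-lift": 10}

# Constructed incident log over a five-year review window: (year, event).
INCIDENT_LOG = [
    (0.5, "tank-overfill"), (3.8, "tank-overfill"),
    (0.2, "seal-leak"), (1.1, "seal-leak"), (2.4, "seal-leak"),
    (3.0, "seal-leak"), (4.6, "seal-leak"),
    (2.2, "relief-lift"),
]

def prob_at_least(k, expected):
    """P(X >= k) for a Poisson count whose mean is `expected`."""
    if k <= 0:
        return 1.0
    below = sum(math.exp(-expected) * expected**i / math.factorial(i)
                for i in range(k))
    return 1.0 - below

def review_rankings(assigned, log, window_years, cutoff=0.05):
    """Return {event: (observed, expected, p, verdict)} for each ranked event.

    p is the chance of seeing at least the observed count if the assigned
    frequency were right; below `cutoff` (an assumed 5%) the ranking is
    treated as under-ranked and the event is marked for reassessment.
    """
    counts = Counter(event for _, event in log)
    report = {}
    for event, interval in assigned.items():
        observed = counts.get(event, 0)
        expected = window_years / interval  # occurrences the ranking predicts
        p = prob_at_least(observed, expected)
        verdict = "reassess" if p < cutoff else "consistent"
        report[event] = (observed, expected, p, verdict)
    return report

if __name__ == "__main__":
    result = review_rankings(ASSIGNED_INTERVAL_YEARS, INCIDENT_LOG, window_years=5)
    for event, (obs, exp, p, verdict) in result.items():
        print(f"{event:14s} observed={obs} expected={exp:.2f} p={p:.4f} -> {verdict}")
```

Under these assumptions a single occurrence of the once-in-50-years event within five years is not flagged (probability about 0.095), while the second occurrence is (about 0.005).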


